Comprehensive Nano Wallet Guide
This page is still under construction. Like any other cryptocurrency wallet, a NANO wallet is used as a window into the NANO network. It serves three main functions: * Secure storage of your NANO seed; * The ability to communicate with the NANO network; and * The ability to append to the NANO ledger (e.g. send and receive transactions). This guide is intended to be a high level overview of a basic NANO wallet ecosystem. It is not intended as a verbatim interpretation of the NANO protocol; however, the information contained in this guide is essential for understanding the basics of how NANO is securely stored, received, and sent. Reading this guide thoroughly will ensure that you have the knowledge to safely become your own bank and avoid common errors that can lead to losing your funds. =Overview of a NANO Wallet= Briefly describe here, with pictures, the structure of a NANO wallet. Probably use NWC full node wallet for illustrative purposes. The reader can see what the seed, accounts, and public address are visually so they can connect the dots in the following sections. =NANO's Cryptographic Structure= The equation below describes the cryptographic structure of a NANO wallet. Each arrow represents a hash of the previous term(s). This means that the equation is one way only; a private key can be derived from the seed and and account number, but a seed and account number cannot be derived from the private key. The same is true with the relationship between and private key and public address. This one way structure is possible by using a hash function, specifically in this case the Blake2b hash function. A hash function is a cryptographically-secure one-way street. It ensures that the public address derived from the same seed and account number is always the same, but also ensures that the seed and account number can't be derived from the public address or private key. This is why NANO is called a cryptocurrency. Hash functions also have other features that are useful for generating unique NANO addresses. Each of the terms in this equation is important and will be thoroughly explained in the following sections. What is a NANO seed? A NANO seed is a 256-bit hexadecimal key, or 64 characters consisting of the letters A-F and the numbers 0-9: 7518A3EEFEC27DFA654A83BCA96752840A4B8F98A7D38F4386D2640462E376D5 (note: do not ever use this example as your seed!) Your NANO seed is what allows you to store, send, and receive NANO from the NANO ecosystem. A secure seed is randomly generated by the wallet in most cases. Wallets use a good source of entropy for random seed generation, ensuring that no one will ever generate the same seed again. In fact, the odds of generating the same random seed is so difficult, that even if every supercomputer in the world was randomly computing NANO seeds for the entire age of the universe (roughly 13.7 billion years), these computers would still be unable to generate the same seed twice. There are more permutations of NANO seeds than there are atoms in the entire universe. In short, no one will ever be able to steal your funds by simply guessing your wallet seed if it is generated properly (never create your own seed without the help of a secure random hexadecimal key generator). Seed Security If anyone obtains access to your seed they will have free access to the funds associated with your seed. This point cannot be emphasized enough. By using your seed, anyone with access to the NANO network will be able to steal your funds. As a result, the most important part of maintaining your wallet is to store your seed in a way that it cannot be stolen by malicious software (a virus on your computer, perhaps) or by a malicious third party. Additionally, you must keep a reliable backup of the seed so that if you lose access to your wallet you can still access your funds elsewhere. As these points are so critical, they will be summarized again: 1. If you do not store your seed in a secure way, it can lead to all of your funds being stolen. 2. If you do not backup your seed in a secure way, you will lose your funds forever if you lose access to your wallet. Seed Storage Essentials When you open your NANO wallet software for the first time, it will prompt you to save your seed. So how do you store your seed in a safe and secure way? There is no single right answer (and you can definitely be creative), but there are best practices for seed storage: * Store your seed in an encrypted file. Password managers (such as KeyPass or LastPass) are popular for this. Make sure the password you use for this is strong, known only to you, and not used for any other purpose. Sharing passwords for your Gmail account and your encrypted seed file, for example, would allow a hacker to easily open your encrypted file if they determine your Gmail password and have access to the seed file. * Store your seed in multiple locations. This could be on paper in a safety deposit box and in an encrypted file on your computer. If your computer is destroyed, or your house burns down, will you lose your seed? * Practice good cybersecurity. Don't visit dangerous or sketchy websites, use strong passwords for your websites, use different passwords for each website, and use anti-virus and anti-malware software. Be aware of phishing attempts that might ask for your seed, and never reveal it. Advanced Storage Methods When storing large amounts of NANO, the above security precautions are likely not enough. Although your seed is safely secured in the encrypted file, the seed is still exposed for the moment that you transfer it to the encrypted file, or out from the encrypted file. If your computer or mobile device is compromised during this moment, your seed could be revealed to a hacker. So how do you defend against this? * Use a cold wallet. Using this method, you create your wallet seed using a computer or device that never connects to the internet. You can then determine your public address using the wallet software and send the funds to that public address, where they will sit indefinitely in the "pending" state. When the funds need to be accessed (which requires an internet connection), the transaction can be signed on the offline computer and sent using an online computer. This method of sending NANO is for advanced users that understand how to sign transactions themselves, which is usually done automatically by the wallet, but ensures that your seed is never revealed to the online computer. If your cold wallet is only used one time, offline signing is not usually necessary as the funds will be permanently moved before the hacker could move them himself. * Use a hardware wallet. As of the writing of this article, the only hardware wallet that supports nano is the Ledger Nano S. Hardware wallets store the seed on the wallet device itself, which is a small USB-sized device. Like a cold wallet, the seed is never revealed to the online computer, and sends/receives from the hardware wallet must be confirmed physically on the device itself, not the online computer, which will thwart any attempt by malicious software to misuse your funds. The hardware wallet has its own seed that must be securely saved in case the device is lost, stolen, or destroyed. This seed can be saved safely using an offline computer or paper wallet stored in a secure location. Common Seed Storage Mistakes When saving your seed, avoid the most common errors that may result in losing your funds: 1. Verify that your seed is correct after you have copied it to a secure file. If you mistype even one letter or number of the seed, the resulting public address will be incorrect. Always double check by re-inputting the seed into the wallet from your storage file before you send funds to that account. 2. Don't take a screenshot of the seed and use that image file for seed storage. 3. Don't store your seed in a plain-text file without encryption. 4. Don't write your seed on paper and store it in a single place in your house. Will fire, water, or other disaster destroy your funds? Seeds and Hash Functions NANO uses the Blake2b hash function to encrypt private keys and public addresses. A basic understanding of hash functions is necessary to appreciate how the funds associated with your public address are cryptographically secured. In short, a hash function takes a given input and always returns the same random output. However, the input cannot be determined by the output. In this way, a hash function is analogous to a check valve; you can only move through the function one way. The following examples demonstrate how a hash function can completely obfuscate your seed. For illustrative purposes, any hexadecimal key can be used as a seed. For example, the following seed is valid: 1111111111111111111111111111111111111111111111111111111111111111 Using the first account for this seed generates the following public address: nano_1bwjtpipkzc7aj6hmuodncjmfsb4tou9word8bj9jxcm68cheipad54q66xe As you can see, this non-random seed still generates a completely random-looking public address. This is the power of the Blake2b hash function. You would never be able to discern that the seed is non-random from this public address, yet the seed will always generate this same public address from the same seed. Hash functions have other useful properties. Let's change the last number of the seed used above: 1111111111111111111111111111111111111111111111111111111111111112 Using the first account for this seed generates the following public address: nano_3gwf5kgcsdjkermpquc9y83fscibp3prk6wdd8hfpduoo81ojrfrfp7zoko3 The public address is now completely different. This is another power of the hash function. A small change in the hashed information, in this case the seed, leads to a completely different random and indistinguishable address. One other useful property of hash functions is that different inputs into the hash function are unlikely to lead to the same output. This may sound trivial, but supercomputers have found the same output from two different inputs using older hash functions, such as SHA1. This is called a hash collision and is analogous to putting "dog" and "cat" into the hash function and getting the same result. In the worst case, this would mean that two people using different seeds might share the same public address. Good hashing algorithms such as Blake2b and SHA2 make finding a hash collision nearly impossible. Mnemonic Seeds Some wallets use mnemonic seeds, where words are used for the seed instead of the 256-bit hexadecimal key. The wallet can use any combination of words (usually 12-24 words together, known as a seed phrase) and use these words as entropy for creating the hexadecimal key. The wallet software will make this conversion for you automatically if it supports mnemonic seeds. A combination of words can be memorized and is practically just as secure as generating a random hexadecimal key. What is a NANO Account Number? Let's look at NANO's cryptographic structure again: As you can see, NANO addresses are not derived just from the seed; they are also generated using an account number. An account number is any number between 0 and 2^32 - 1 (or 4,294,967,295). Since the account number is deterministic, knowing the seed is still enough to check every single one of the roughly 4 billion accounts associated with the seed. However, it does allow for a method of creating multiple indistinguishable accounts using a single seed. This is useful if you want a different "spending" or "savings" account using the same seed. If you are a NANO service, such as an exchange, it allows for multiple people to have separate accounts on the service while still using a single seed for the back-end. The following illustrates how account numbers affect private keys and public addresses associated with the seed: Since the public addresses derived from different account numbers on the same seed are indistinguishable, there is no way to know by looking at the public ledger whether or not two or more public addresses are connected to the same seed. Not all wallets support multiple accounts. With these wallets, usually only the first account (account 0) is used for the wallet. What is a NANO Private Key? Again, let's refer to the NANO structure: Wallets do not typically show you the private key associated with a particular seed and account number. However, NANO transactions are actually "signed", or sent, using the private key, not the seed. Although the average NANO user will never use a private key, it is an essential part of the protocol and is therefore worth mentioning here. Just like a seed, if someone has access to your private key, they have complete access to the funds associated with the public address. However, they would not have access to the funds on other accounts associated with the seed. You cannot deduce a seed from a private key. In this way, if your seed is stored securely, splitting your NANO funds between multiple accounts on the same seed can increase the security of your funds. What is a NANO Public Address? A public address is where you send NANO to and receive NANO from. No one with your public address can access your funds. Your funds are not private, and anyone can see them on the ledger if they know your public address. However, they likely do not know the address is associated with you. You are “pseudo-anonymous”. Public addresses are viewable on any block explorer (Nanode, Nanocrawler). By searching for an address on a block explorer, you can see the funds associated with an address, the transaction history of the address, and in most cases the timestamp of each transaction. These transactions are immutable and secured by the overall NANO network. Once NANO is sent to an address, it can only be accessed by the owner of that address. You may notice that a NANO public address looks very different from the 64 character hexadecimal seed or 64 character hexadecimal private key. In fact, the public address is derived from a public key, which is in the same 64 character hexadecimal format as seeds and private keys. This 64 character public key is converted into a 52 character public address using a specific base32 encoding algorithm. This conversion is made to prevent human transcription errors by limiting ambiguity between different characters. For example, the letter "l" is never seen in a NANO public address because it is too similar to the number "1". The address prefixes xrb_ and nano_ can be used interchangeably. The prefix xrb_ is a legacy term from before NANO was rebranded from Raiblocks and is still used often. While all wallets understand the xrb_ prefix, not all understand the newer nano_ prefix. NANO Block Types On a block explorer, you will notice that there are multiple types of NANO transactions. These are classified as send, receive, change, and open blocks. Send Blocks Receive Blocks Change Blocks Open Blocks =Wallet Software= Tables will be provided with links and more information to every existing NANO wallet. A tabular comparison will also be made. Full Node Wallets Light Wallets ...Light wallets should never be used to store large amounts of NANO unless used in conjunction with a hardware wallet.